David & all,
It seems like there's 2 problems. In my understanding of Samba a UNIX
account is required in any case. As to the second problem with the realm,
could you please post your smb.conf? I'm not sure what would cause that
problem
other than being in the wrong workgroup or pointing to the wrong AD server.
spike
David Wruck wrote:
> I have been working with this for a little over a month now, and here's
> where we are at:
>
> We have 3 domains, 2 of them are sending SIDs to the Solaris box, and
> Kerbos is compiled and working (we can authenticate to any of the 3
> domains), we can get user IDs from any of the 3 domains, however none of
> the users can gain access to the share unless we give them a Unix account.
>
> Samba was compiled with ADS support, and the make file shows that krb5
> and ADS are both 1, however when we add the 'realm =' to the config
file
> we get an error with Samba claiming it does not understand the realm
> setting.
>
> We are using 3.0.9, and the exact error is that the AD user is not
> found, yet wbinfo can find the user accounts just fine. The AD is a 2000
AD.
>
> We have followed steps in the docs, and on more mailing lists than I
> care to remember at this point. If anyone could point out any possible
> flaw, I'd appreciate it. I apologize for not having cut and paste
> messages and such, but I'm not anywhere near the machine at the moment,
> however I could post anything that would be useful later.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba